Msg#: 3040623 posted 12:22 am on Aug 10, 2006 (gmt 0)
My website is running with 3 servers and all of them are exactly the same. What I mean is they have same softwares installed.
So here's my question. What's the best way to handle this 3 servers the most efficiently? Right now, if a security fix must be applied for apache for example, then I need to re-install apache 3 times and it's kind of annoying :D
I think there is a better way to do that? At leat I hope so.
Msg#: 3040623 posted 7:57 pm on Aug 10, 2006 (gmt 0)
i do not have the latest release
In my experience, on a production box, you should NOT work with the latest release, you should work with the latest patched release of the ORIGINAL version of the package that shipped with your distro.
For example, I've got one particular production server which runs SuSE 10.0. It's currently running 'apache2-2.0.54-10.5' which is the latest patched apache2 that comes from SuSE for SuSE 10.0 boxes.
I'm aware that I could go and get either a source tarball of version 2.2.3 or 2.0.59 direct from httpd.apache.org - but why bother? SuSE's advisory [novell.com] tells me that, to fix the security hole, the version I need is 2.0.54-10.5.
The best bit? YaST does all the patching for me while I'm doing something far more interesting... and in fact by the time I'd read the mod_rewrite security advisory, this particular box had patched itself. Can't beat that :-)
Msg#: 3040623 posted 4:00 am on Aug 13, 2006 (gmt 0)
Webdoctor is correct. Use your package manager for your distribution to update your packages. Whether or not two packages need to be installed is an entirely different matter. I'm not familiar with mysqli, but if it's a common package you should be able to install it with your distro's package manager as well. Use the package manager where ever possible - it'll make your updating and security installs very straightforward.
As for updating 3 servers, that's minimal if you use the package managers. I use mandriva's built in gui once a week on all my machines to install all new bugfixes and security updates. Takes me about 3 minutes to start up the automated process on 4 seperate machines. Mandriva has a 'show all bugfixes and security updates available' feature, I'm sure other distro's do as well.